Web Shield (AVG Business Antivirus)
Web Shield helps protect your system from threats when you are browsing the web by actively scanning data that is transferred to prevent malware from being downloaded and run on your PC. Detected malicious connections/downloads will be blocked by Web Shield automatically.
You can enable and configure web, HTTPS, and script scanning for Web Shield.
We do not recommend installing this component on a server OS that is also running Microsoft Exchange. The Exchange and Anti-Spam components handle Exchange-level filtering and will conflict with this component.
Web Shield is part of the Core Shields of the AVG Business client, and it can be seen under the Web & Email section.
From the Web & Email section, you can enable/disable this component using the dedicated toggle.
Note that it is not possible to individually enable/disable Web Shield in managed devices - only all core shields can be disabled/enabled at once from the Advanced Settings. Unmanaged devices have free control over disabling/enabling these shields.
Configuring Web Shield Settings
Advanced Web Shield settings can be accessed by either clicking the gear icon on the Web & Email screen or navigating to Menu > Settings > Basic Protection > Email Shield.
The following options are available here:
- Web Shield toggle: Turns the shield on or off.
- Enable HTTPS scanning: Enables Web Shield to scan websites with encrypted connections. If disabled, only websites with unsecured connections are scanned.
- Enable QUIC/HTTP3 scanning: Scans communications sent and received via Google's QUIC protocol.
- Enable WebSocket protocol scanning: Scans the network traffic commonly used by web applications.
- Enable DNS/DoH scanning: Scans the network traffic for malicious patterns in domain resolutions.
- Protect against botnets: Prevents botnets from using your computer to attack other computers.
- Enable Script scanning: Allows Web Shield to block malicious scripts being run in browsers and other applications. This includes remote threats from the web and outside sources, and local threats saved to disk or in the browser cache. Script scanning can also detect and block malicious scripts that come from HTTPS (encrypted) connections.
- Enable site blocking: Allows Web Shield to block access to specified websites (see the section below for more information).
Blocking Specific Websites
You can specify the websites you want to block by clicking the Block a new website button under the Enable site blocking setting, then specifying the website URL. Added URLs will be visible at the bottom of the settings and can be edited or deleted if needed.
Note that site blocking always overrides the exceptions.
Additional Geek Area Settings
Within the Geek Area, there are several further settings for Email Shield. To access these:
- Go to Menu, then select Settings
- Click Search in the top right corner
- Type geek:area in the search field, then hit Enter
- Scroll down to the Web Shield section
There are four detection types you can configure here:
- Action to be performed when a virus is found
- Action to be performed when a potentially unwanted program is found
- Action to be performed when a potentially unwanted tool is found
- Action to be performed when a suspicious object is found
For each type, it is possible to only configure one single action. The available actions can be selected from each drop-down menu:
- Abort connection (selected by default): Terminates the connection with the applicable website as soon as a potential threat is detected.
- Ask: Gives you the option to terminate the connection with the applicable website or remain connected when a potential threat is detected. Remaining connected may be risky.
Apart from these options, you can define whether Web Shield will:
- Scan traffic from well-known browser processes only: With this option enabled, Web Shield only monitors HTTP traffic for the most common browsers.
- Show a notification window when an action is taken (enabled by default): You will receive a notification from AVG each time Web Shield detects a threat.
- Protect Internet Explorer/Mozilla Firefox/Google Chrome/Adobe Acrobat Reader/other applications with Script Shield: Tick or untick the relevant boxes to specify which browsers and applications are protected by Script Shield. Commonly used browsers, Adobe Acrobat Reader, and all other applications on your PC are protected by default.
- Script Shield prevents browsers and other applications from running potentially malicious scripts. This includes remote threats from the web and outside sources, local threats downloaded to your hard drive or in the browser cache, and scripts that come from encrypted connections.
It is also possible to configure the report file here in order to enhance the reporting of the shield:
- Report file name: Enter a name for the report file (default * will use the default file name)
- The Generate report file option needs to be enabled for the report file to be created.
- Report file type: Select the format of the report file:
- Plain text (ANSI)
- Plain text (Unicode)
- XML
- If report file exists: Select Append if you want new results to be added to the end of the previous report, or Overwrite if you want new results to replace the previous report
- Using the Append option will gradually increase the size of the report file on the disk. Including informative events such as OK will also greatly increase the size on the disk as every clean file will be reported.
- Reported items: Define which events appear in report files. Type any of the following events into the text box provided, ensuring entries are separated by semicolons:
- Infected — Files and areas of the scanned environment that the virus scan identifies as containing malware
- HardErrors — Unexpected errors that require further investigation
- SoftErrors — Minor errors, such as a file being unable to be scanned because it was in use
- OK — Files and areas that the virus scan identified as being clean
- Skipped — Files and areas that the virus scan did not check because of the scan settings
Revoked Certificates
Web Shield can also block users from accessing sites with revoked certificates. They will receive only a tray notification.
The user/administrator should use a tool such as https://ssllabs.com/ssltest/analyze.html to further analyze the site, or report the issue to the owner.
Adding Web Shield Exceptions
If needed, you can add exceptions to the Web Shield scans through the Exceptions tab of the Settings > General section. This can speed up the scans and prevent false-positive detections. For detailed instructions, see Configuring Antivirus Exceptions.
Note that site blocking always overrides the exceptions.
FAQ
Windows: Enable the password protection of the UI (locally in unmanaged, from the policies in managed), in order to prevent the local user disabling shields.
macOS: The administrator password is required to disable the shield. The antivirus UI cannot be password protected at this time.
Add the URL/IP address the application/site is connecting to as an exclusion in the Web Shield specific exclusions. Verify if there are any potentially conflicting applications (e.g. another antivirus) running on the system and remove it if found.
The local Antivirus is simplified with its controls in the UI. The user can only control all shield settings from these toggles at once, rather than individual settings for each shield.
We have the advanced controls in our managed policies to be able to configure each shield individually, which overwrites the local client settings, leading to these options being empty.
They are still configured correctly, they simply are not visible in the local client UI.
The managed endpoints are designed to be controlled from the policies, therefore the important shields are inaccessible from the UI to be disabled individually. Core Shields can only be disabled together.
Usually this indicates the underlying certificate of the website has the issue, rather than our certificate having a problem. Disabling the Web Shield temporarily and accessing the site again will show the original certificate which can be verified.
High speed connections greater than 20Mbits/s may see noticeable delays under certain conditions while Web Shield is enabled. For example, if a hard drive has an I/O speed of 30Mbits/s, the Web Shield can decrease the loading speed of a webpage because the hard drive I/O operations are doubled during active scans. In this case, the internet input of 20Mbits/s combined with 20Mbits/s of Web scanner data output then exceeds the maximum hard drive ability and can lead to noticeable delays.
Some network components or connection types may be incompatible with a parts of AVG Antivirus or Web Shield in particular, as the default setting for some routers and ADSL modems may expect a different connection or packet type. This mismatch can cause connection resets and timeouts. Web Shield scans may also cause a device to time out if the device has a short timeout setting.
AVG monitors reports regarding specific devices and contacts device vendors about frequent issues with proposed coding solutions or workarounds. However, many issues are related to specific settings within Web Shield and can be disabled without eliminating your protection.
No, this is not a supported scenario. For example, if you block all sites, or all TLD, for .co.uk, you cannot then allow specific sites within that blocked list/with the .co.uk domain. Site blocking always overrides the exceptions.